Phoeun Pha wrote:
> "Security
> Don't use hidden fields to pass any sensitive or important variable
> (e.g., "price" or a limitation on record set returns). While it's less
> of a problem with ColdFusion, it takes seconds to hack a page written
> in Perl or any CGI/server-side language that passes hidden form field
> variables. (Hacking 101: simply save the page source as an htm file,
> change the hidden variable to a price or limitation you like better,
> and pass your new local page to the absolute URL of the processing page."
>
> How does one pass a local page to the absolute URL of the processing page?

By substituting the location of the action page, which is usually a relative URL, with the absolute URL of the action page and pressing "Submit".

Jochem
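
An added example, not part of the original thread: a minimal Python sketch of how an action page can stay safe when the form is resubmitted from a locally edited copy. The price is looked up on the server instead of being read from the form, and a record-set limit that must round-trip through a hidden field carries an HMAC tag. The catalogue, key, field names and function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data (assumptions, not from the thread).
CATALOGUE = {"sku-100": 4999, "sku-200": 1250}   # server-side prices in cents
SECRET_KEY = b"constructed-demo-key"             # load from server config in practice
DEFAULT_ROWS = 10


def sign_field(name: str, value: str) -> str:
    """Return an HMAC-SHA256 tag binding a hidden field's name to its value."""
    return hmac.new(SECRET_KEY, f"{name}={value}".encode(), hashlib.sha256).hexdigest()


def verify_field(name: str, value: str, tag: str) -> bool:
    """Constant-time check that the tag matches what the server would have issued."""
    return hmac.compare_digest(sign_field(name, value).encode(), tag.encode())


def process_order(form: dict) -> dict:
    """Action-page logic: the client chooses what and how many, never how much."""
    sku = form.get("sku", "")
    if sku not in CATALOGUE:
        raise ValueError("unknown sku")
    qty = int(form.get("qty", "1"))
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    # Any "price" field in the submitted form is ignored entirely.
    return {"sku": sku, "qty": qty, "total_cents": CATALOGUE[sku] * qty}


def row_limit(form: dict) -> int:
    """Accept a round-tripped record-set limit only if its tag verifies."""
    if "maxrows" not in form:
        return DEFAULT_ROWS
    value, tag = form["maxrows"], form.get("maxrows_sig", "")
    if not verify_field("maxrows", value, tag):
        raise ValueError("hidden field was modified")
    return int(value)


if __name__ == "__main__":
    # Constructed submission from an edited local copy: price changed to 1 cent.
    edited = {"sku": "sku-100", "qty": "2", "price": "1"}
    print(process_order(edited))                  # total still uses the catalogue price
    issued = {"maxrows": "10", "maxrows_sig": sign_field("maxrows", "10")}
    print(row_limit(issued))
```

The tag only proves the value was issued by the server; bind it to the session or an expiry if a value issued on one page must not be accepted on another.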
